Add more create_user checks
parent
1d5023c41b
commit
63f17cfc7a
@ -11,6 +11,10 @@ from amanuensis.db import DbContext, User
|
||||
from amanuensis.errors import ArgumentError
|
||||
|
||||
|
||||
RE_NO_LETTERS = re.compile(r'^[0-9-_]*$')
|
||||
RE_ALPHANUM_DASH_UNDER = re.compile(r'^[A-Za-z0-9-_]*$')
|
||||
|
||||
|
||||
def create_user(
|
||||
db: DbContext,
|
||||
username: str,
|
||||
@ -22,19 +26,30 @@ def create_user(
|
||||
Create a new user.
|
||||
"""
|
||||
# Verify username
|
||||
if not isinstance(username, str):
|
||||
raise ArgumentError('Username must be a string')
|
||||
if len(username) < 3 or len(username) > 32:
|
||||
raise ArgumentError('Username must be between 3 and 32 characters')
|
||||
if re.match(r'^[0-9-_]*$', username):
|
||||
if RE_NO_LETTERS.match(username):
|
||||
raise ArgumentError('Username must contain a letter')
|
||||
if not re.match(r'^[A-Za-z0-9-_]*$', username):
|
||||
if not RE_ALPHANUM_DASH_UNDER.match(username):
|
||||
raise ArgumentError('Username may only contain alphanumerics, dash, and underscore')
|
||||
|
||||
# Verify password
|
||||
if not password:
|
||||
raise ArgumentError('Password must be provided')
|
||||
if not isinstance(password, str):
|
||||
raise ArgumentError('Password must be a string')
|
||||
|
||||
# Verify display name
|
||||
if display_name is not None and not isinstance(display_name, str):
|
||||
raise ArgumentError('Display name must be a string')
|
||||
# If display name is not provided, use the username
|
||||
if not display_name or not display_name.strip():
|
||||
display_name = username
|
||||
|
||||
# Verify email
|
||||
if not isinstance(email, str):
|
||||
raise ArgumentError('Email must be a string')
|
||||
|
||||
# Query the db to make sure the username isn't taken
|
||||
if db.session.query(func.count(User.id)).filter(User.username == username).scalar() > 0:
|
||||
raise ArgumentError('Username is already taken')
|
||||
|
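Review bot: Both username patterns are applied with `.match()` and end in `$`, which in Python also matches just before a trailing newline, so a name such as `'abc\n'` passes the checks under `# Verify username` and would be stored with the newline. Switching the two calls to `RE_NO_LETTERS.fullmatch(username)` and `RE_ALPHANUM_DASH_UNDER.fullmatch(username)`, or ending both patterns in `\Z`, closes that gap. Separately, the count query before `'Username is already taken'` is a check-then-insert: two concurrent calls can both pass it unless `User.username` carries a unique constraint, which is not visible on this page. The body of `create_user` continues past the end of this hunk.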